ok thanks, however, now that I have an unsecure key. . . .
If I use this key to generate a csr, what would the potential risk be?
> I'm using SSLeay to generate keys for a csr. Is there a way to
automate the
> process so the user doesn't have to enter a passphrase, but instead
have
> the passphrase 'preset' from another process, like a username/password
form
> on a webpage.
>
> The command is...
> ./ssleay genrsa -des3 -out server.key 1024
>
> which stops to ask for the passphrase, but I was hoping to not have
to stop
> and enter a passphrase....
First, you could use an unencrypted RSA server.key
./ssleay genrsa -out server.key 1024
but of course it's insecure.
Second, you could use the mod_ssl feature for PassphraseDialog (just
take
a look to the pretty nice mod_ssl manual). But (except smartcards) I
haven't found a secure and automatic solution.
In your case you could work with an unencrypted key, and encrypt it at
last (when the CSR generation is finished). To encrypt a "plain" RSA
key, you may use:
./ssleay rsa -des3 -in server.key.rsa -out server.key && rm
server.key.rsa
or so.
oki,
Steffen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
